USN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Ethernet bonding driver; - Network drivers; - STMicroelectronics network drivers; - NVME drivers; - x86 platform drivers; - SCSI subsystem; - SPI subsystem; - TCM subsystem; - USB over IP driver; - File systems infrastructure; - HFS+ file system; - Network file system (NFS) server daemon; - SMB network file system; - IPv6 networking; - Netfilter; - Tracing infrastructure; - io_uring subsystem; - Timer subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - MAC80211 subsystem; - M
CSIRTS triage
- What
- Multiple vulnerabilities in the Linux kernel could allow local attackers to escalate privileges or escape containers.
- Who is affected
- Local attackers on systems running the affected Linux kernel.
- Urgency
- Remediation is urgent due to the potential for privilege escalation and exploitation status being confirmed.
- Action
- Apply the latest security updates for the Linux kernel.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch kernel
Get an email when a new kernel advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://ubuntu.com/security/notices/USN-8528-1
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation confirmedCVE-2026-31431Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
- Exploitation confirmedCVE-2026-43284Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
- Exploitation confirmedCVE-2026-43500Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
- Exploitation confirmedCVE-2026-43503Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 3% of all scored CVEs.
- Exploitation confirmedCVE-2026-46300Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 88% of all scored CVEs.
- Exploitation confirmedCVE-2026-46333Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 69% of all scored CVEs.
- Exploitation confirmedCVE-2022-48816Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 17% of all scored CVEs.
- Exploitation confirmedCVE-2023-53673Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 7% of all scored CVEs.
- Exploitation confirmedCVE-2024-35862Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 15% of all scored CVEs.
- Exploitation confirmedCVE-2024-50060Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 12% of all scored CVEs.
- Exploitation confirmedCVE-2025-37778Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now.
- Exploitation confirmedCVE-2025-37822Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now.
Referenced CVEs
+34 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attackcert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilities allow denial of servicecert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilities allow denial of servicecert-bund
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Linux Kernel: Multiple Vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Linux Kernel: Vulnerability allows unspecified attackcert-bund
- medium[UPDATE] [medium] Linux Kernel: Multiple Vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
More from Ubuntu Security Notices
- unknownUSN-8530-1: Linux kernel (AWS) vulnerabilities2026-07-10
- unknownUSN-8529-1: Linux kernel vulnerabilities2026-07-10
- unknownUSN-8527-1: Linux kernel (Raspberry Pi) vulnerabilities2026-07-10
- unknownUSN-8492-5: Linux kernel (FIPS) vulnerabilities2026-07-10
- unknownUSN-8526-1: libheif vulnerabilities2026-07-09